EP1650628A3 - Method and system for merging security policies - Google Patents
Method and system for merging security policies Download PDFInfo
- Publication number
- EP1650628A3 EP1650628A3 EP05108854A EP05108854A EP1650628A3 EP 1650628 A3 EP1650628 A3 EP 1650628A3 EP 05108854 A EP05108854 A EP 05108854A EP 05108854 A EP05108854 A EP 05108854A EP 1650628 A3 EP1650628 A3 EP 1650628A3
- Authority
- EP
- European Patent Office
- Prior art keywords
- security
- rules
- security policies
- rule
- set criteria
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A method and system for combining and enforcing security policies is provided. The security system is provided with security policies that have process set criteria and associated rules. The security system combines the security policies by generating a rule list of the security policies and associated process set criteria. The rules of the rule list are ordered based on rule type and action of the rule. When a new process is started to execute an application, the security system determines the process set criteria that are satisfied by the application. The security system then identifies the rules of the rule list that are associated with the satisfied process set criteria. When a security enforcement event associated with the process occurs, the security system applies each of the rules associated with the process to the security enforcement event in an order specified by the rule list.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US10/966,800 US7739720B2 (en) | 2004-10-14 | 2004-10-14 | Method and system for merging security policies |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| EP1650628A2 EP1650628A2 (en) | 2006-04-26 |
| EP1650628A3 true EP1650628A3 (en) | 2007-12-05 |
Family
ID=35788136
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP05108854A Withdrawn EP1650628A3 (en) | 2004-10-14 | 2005-09-26 | Method and system for merging security policies |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US7739720B2 (en) |
| EP (1) | EP1650628A3 (en) |
| JP (1) | JP4880269B2 (en) |
| KR (1) | KR101150128B1 (en) |
| CN (1) | CN1760791B (en) |
Families Citing this family (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100706176B1 (en) * | 2005-07-12 | 2007-04-12 | 한국전자통신연구원 | Kernel patching method and system to defend against kernel vulnerabilities |
| US7818625B2 (en) * | 2005-08-17 | 2010-10-19 | Microsoft Corporation | Techniques for performing memory diagnostics |
| US7984138B2 (en) * | 2006-06-23 | 2011-07-19 | International Business Machines Corporation | Apparatus and methods for activity-based management of computer systems |
| US8127336B2 (en) * | 2007-03-01 | 2012-02-28 | Bridgewater Systems Corp. | Systems and methods for policy-based service management |
| US8443433B2 (en) * | 2007-06-28 | 2013-05-14 | Microsoft Corporation | Determining a merged security policy for a computer system |
| US9043861B2 (en) | 2007-09-17 | 2015-05-26 | Ulrich Lang | Method and system for managing security policies |
| US8484729B2 (en) * | 2007-09-20 | 2013-07-09 | Nec Corporation | Security operation management system, security operation management method, and security operation management program |
| US20090222292A1 (en) * | 2008-02-28 | 2009-09-03 | Maor Goldberg | Method and system for multiple sub-systems meta security policy |
| KR100966014B1 (en) * | 2008-09-11 | 2010-06-24 | 현대중공업 주식회사 | Process control based file system controller according to the purpose of program operation |
| CN101364877B (en) * | 2008-09-28 | 2010-10-27 | 福建星网锐捷网络有限公司 | Security policy configuring method and apparatus thereof |
| US8312043B2 (en) * | 2008-11-26 | 2012-11-13 | Red Hat, Inc. | Isolating an execution container in a system with mandatory access control (MAC) |
| US9767273B2 (en) * | 2008-11-26 | 2017-09-19 | Red Hat, Inc. | Reliably terminating processes in a system with confined execution environments |
| US8479256B2 (en) * | 2008-11-26 | 2013-07-02 | Red Hat, Inc. | Merging mandatory access control (MAC) policies in a system with multiple execution containers |
| US8931033B2 (en) * | 2008-12-12 | 2015-01-06 | Microsoft Corporation | Integrating policies from a plurality of disparate management agents |
| US8627462B2 (en) * | 2010-05-10 | 2014-01-07 | Mcafee, Inc. | Token processing |
| US8756651B2 (en) * | 2011-09-27 | 2014-06-17 | Amazon Technologies, Inc. | Policy compliance-based secure data access |
| CN109634198B (en) * | 2011-10-05 | 2021-06-22 | 奥普唐公司 | Method, apparatus and system for monitoring and/or generating dynamic environments |
| US8813170B2 (en) | 2011-11-10 | 2014-08-19 | Microsoft Corporation | Testing access policies |
| US10255121B1 (en) * | 2012-02-21 | 2019-04-09 | EMC IP Holding Company LLC | Stackable system event clearinghouse for cloud computing |
| EP2680138B1 (en) * | 2012-06-28 | 2019-02-27 | RES Software Development B.V. | Dynamic rule management for kernel mode filter drivers |
| US9275112B2 (en) * | 2012-11-09 | 2016-03-01 | Microsoft Technology Licensing, Llc | Filtering views with predefined query |
| US9495444B2 (en) * | 2014-02-07 | 2016-11-15 | Quixey, Inc. | Rules-based generation of search results |
| US9325733B1 (en) | 2014-10-31 | 2016-04-26 | Emc Corporation | Unsupervised aggregation of security rules |
| US10628174B2 (en) | 2016-02-17 | 2020-04-21 | Microsoft Technology Licensing, Llc | Transfer of control of configuration sources |
| CN108090361B (en) * | 2016-11-22 | 2020-06-30 | 腾讯科技(深圳)有限公司 | Security policy updating method and device |
| US10944793B2 (en) * | 2017-06-29 | 2021-03-09 | Juniper Networks, Inc. | Rules-based network security policy modification |
| EP3933632B1 (en) * | 2020-07-02 | 2023-08-16 | Mitsubishi Electric R&D Centre Europe B.V. | Verifying a correct implementation of a confidentiality and integrity policy by a software |
| CN115203704A (en) * | 2022-07-19 | 2022-10-18 | 深圳市广通远驰科技有限公司 | A security policy loading method, apparatus, electronic device and readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030009685A1 (en) * | 2001-06-29 | 2003-01-09 | Tse-Huong Choo | System and method for file system mandatory access control |
| US20030145235A1 (en) * | 2001-01-31 | 2003-07-31 | Choo Tse Huong | Network adapter management |
| US20030177389A1 (en) * | 2002-03-06 | 2003-09-18 | Zone Labs, Inc. | System and methodology for security policy arbitration |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE69610168D1 (en) * | 1995-06-30 | 2000-10-12 | Ibm | Single sign-on method and apparatus in a distributed computing environment |
| US6965999B2 (en) * | 1998-05-01 | 2005-11-15 | Microsoft Corporation | Intelligent trust management method and system |
| GB0024919D0 (en) * | 2000-10-11 | 2000-11-22 | Sealedmedia Ltd | Method of further securing an operating system |
| JP4023654B2 (en) * | 2001-09-28 | 2007-12-19 | 日立ソフトウエアエンジニアリング株式会社 | Application monitoring method and program |
| CN100504853C (en) * | 2001-10-24 | 2009-06-24 | Bea系统公司 | Methods for synchronizing application data and deploying that data to remote servers |
| US20030115476A1 (en) * | 2001-10-31 | 2003-06-19 | Mckee Bret | Hardware-enforced control of access to memory within a computer using hardware-enforced semaphores and other similar, hardware-enforced serialization and sequencing mechanisms |
| US6947985B2 (en) * | 2001-12-05 | 2005-09-20 | Websense, Inc. | Filtering techniques for managing access to internet sites or other software applications |
| JP2003242123A (en) * | 2002-02-21 | 2003-08-29 | Hitachi Ltd | Collaborative access control method |
| JP4400059B2 (en) * | 2002-10-17 | 2010-01-20 | 株式会社日立製作所 | Policy setting support tool |
| JP2004265286A (en) * | 2003-03-04 | 2004-09-24 | Fujitsu Ltd | Mobile device management according to security policies selected for the environment |
| US7827049B2 (en) * | 2003-05-12 | 2010-11-02 | I2 Technologies Us, Inc. | Estimating demand for a supply chain according to order lead time |
| US7523200B2 (en) * | 2003-07-02 | 2009-04-21 | International Business Machines Corporation | Dynamic access decision information module |
| US7149873B2 (en) * | 2003-10-24 | 2006-12-12 | Hewlett-Packard Development Company, L.P. | Methods and apparatus for a dual address space operating system |
| KR100544674B1 (en) * | 2003-11-11 | 2006-01-23 | 한국전자통신연구원 | Dynamically Changing Intrusion Detection Rules in Kernel-based Intrusion Detection System |
| US20060005227A1 (en) * | 2004-07-01 | 2006-01-05 | Microsoft Corporation | Languages for expressing security policies |
-
2004
- 2004-10-14 US US10/966,800 patent/US7739720B2/en not_active Expired - Fee Related
-
2005
- 2005-08-25 KR KR1020050078157A patent/KR101150128B1/en not_active Expired - Fee Related
- 2005-09-14 CN CN2005101099068A patent/CN1760791B/en not_active Expired - Fee Related
- 2005-09-14 JP JP2005266838A patent/JP4880269B2/en not_active Expired - Fee Related
- 2005-09-26 EP EP05108854A patent/EP1650628A3/en not_active Withdrawn
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030145235A1 (en) * | 2001-01-31 | 2003-07-31 | Choo Tse Huong | Network adapter management |
| US20030009685A1 (en) * | 2001-06-29 | 2003-01-09 | Tse-Huong Choo | System and method for file system mandatory access control |
| US20030177389A1 (en) * | 2002-03-06 | 2003-09-18 | Zone Labs, Inc. | System and methodology for security policy arbitration |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1760791A (en) | 2006-04-19 |
| US7739720B2 (en) | 2010-06-15 |
| US20060085838A1 (en) | 2006-04-20 |
| JP4880269B2 (en) | 2012-02-22 |
| JP2006114026A (en) | 2006-04-27 |
| KR101150128B1 (en) | 2012-06-21 |
| EP1650628A2 (en) | 2006-04-26 |
| CN1760791B (en) | 2010-05-26 |
| KR20060050641A (en) | 2006-05-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1650628A3 (en) | Method and system for merging security policies | |
| EP1677484A3 (en) | Method and system for distributing security policies | |
| WO2004107130A3 (en) | Multilayer access control security system | |
| WO2008149326A3 (en) | System and method of network access security policy management for multimodal device | |
| EP1610201A3 (en) | System and method for secure execution of an application | |
| WO2007019169A3 (en) | Method and system for workflow management of electronic documents | |
| EP1507402A3 (en) | Access control decision system, access control enforcing system, and security policy | |
| AU4703899A (en) | Network policy management and effectiveness system | |
| WO2004070564A3 (en) | System and method for money management in electronic trading environment | |
| WO2009029286A3 (en) | Controlling distribution and use of digital identity representations | |
| EP1513075A3 (en) | Method and apparatus for protecting regions of an electronic document | |
| WO2006020656A3 (en) | Alert triggers and event management in a relationship system | |
| EP1914654A3 (en) | Method and apparatus for providing digital rights management content and license, and method and apparatus for using digital rights management content | |
| WO2008063790A3 (en) | Method and apparatus for efficient spectrum management in a communications network | |
| WO2004104792A3 (en) | System and method for electronic document security | |
| EP1452981A3 (en) | A method to delay locking of server files on edit | |
| EP1496427A3 (en) | Data processing method with restricted data arrangement, storage area management method, and data processing system | |
| EP2663053A3 (en) | Methods and apparatus for creating and implementing security policies for resources on a network | |
| GB0423030D0 (en) | Data privacy management system and method | |
| WO2008136120A1 (en) | Entrance/exit management program, entrance/exit management method, and entrance/exit management apparatus | |
| WO2006053228A3 (en) | Methods and system for metering software | |
| WO2004097685A3 (en) | Distributed search methods, architectures, systems, and software | |
| WO2005024550A3 (en) | System and method for implementation of a digital image schema in a hardware/software interface | |
| EP1638021A3 (en) | Creation and Management of Content-Related Objects | |
| WO2005010706A3 (en) | System and method for optimizing sourcing opportunity utilization policies |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
| AX | Request for extension of the european patent |
Extension state: AL BA HR MK YU |
|
| RTI1 | Title (correction) |
Free format text: METHOD AND SYSTEM FOR MERGING SECURITY POLICIES |
|
| PUAL | Search report despatched |
Free format text: ORIGINAL CODE: 0009013 |
|
| AK | Designated contracting states |
Kind code of ref document: A3 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
| AX | Request for extension of the european patent |
Extension state: AL BA HR MK YU |
|
| RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06F 21/00 20060101AFI20071101BHEP |
|
| 17P | Request for examination filed |
Effective date: 20071221 |
|
| 17Q | First examination report despatched |
Effective date: 20080131 |
|
| AKX | Designation fees paid |
Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC |
|
| APBK | Appeal reference recorded |
Free format text: ORIGINAL CODE: EPIDOSNREFNE |
|
| APBN | Date of receipt of notice of appeal recorded |
Free format text: ORIGINAL CODE: EPIDOSNNOA2E |
|
| APBR | Date of receipt of statement of grounds of appeal recorded |
Free format text: ORIGINAL CODE: EPIDOSNNOA3E |
|
| APAF | Appeal reference modified |
Free format text: ORIGINAL CODE: EPIDOSCREFNE |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
| APBT | Appeal procedure closed |
Free format text: ORIGINAL CODE: EPIDOSNNOA9E |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
| 18D | Application deemed to be withdrawn |
Effective date: 20210401 |